Cybersecurity & The Future of Auto Repair
NASTF Fall Meeting, Wednesday, November 4, 2015. Las Vegas, NV
Moderator: Donnie Seyfer
Panelists: Milan Patel (IBM), Mohan Sethi (Mahle)
The recent advent of vehicle telematics has created a new and exciting market for technology suppliers and OEMs. The ability to provide innovative features and services to the consumer through their infotainment system unlocks unlimited possibilities of connectivity and productivity. Just like the Internet, however, these technologies become susceptible to those who would hijack it for less than altruistic reasons. In short, they are susceptible to compromise or hack.
The panelists in this session were experts in technology and cyber-security, and delved into the darker side of this growing connected vehicle world. They attempted to broaden the discussion so tool and equipment suppliers, as well as representatives from most of the OEM automakers, could clearly identify the issues and threats facing this emerging market and attempt to be proactive in protecting and securing the data involved.
Historically, according to Milan Patel, IT attacks follow a pattern of maturity, starting with university research to identify risk gaps. This is followed by a wave of revenge (disgruntled) attacks, then to criminal activity, normally motivated by financial theft. Industrial espionage may follow with state-sponsored espionage next, where governments use technology to cripple an enemy and/or create an intelligence advantage. Patel suggested vehicle technology is squarely in stage 1 but we should expect more deviant behavior going forward.
The first main topic introduced involves a technology idiom called “The Internet of Things”. With the proliferation of sensors and data collection devices, virtually all aspects of our lives can be monitored, recorded and analyzed. Contrary to the way this is normally presented (as a negative), this can be used to improve just about any process and/or cycle by having predictable data to draw valid conclusions. An example could be connected vehicles using real-world data to manage rush hour traffic flow.
Telematics and connected vehicle technology allow suppliers and OEMs to accomplish things that would have been impossible fifteen years ago. With this, however, comes the real possibility of data hacking and malicious software code propagation. Threats can come from music downloads, Internet websites, Dongle-connected devices, and vendor connections, just to name a few. Hence the need for security planning and IT infrastructure design to manage the threat/attack surfaces.
One of the weak links in the current implementation model is the concept of “Flashing-Over-The-Air”, or using a telematics ECU to wirelessly reprogram one or multiple vehicle ECUs. The telematics hardware generally would be considered off-the-shelf (OTS), or not OEM developed/proprietary. This OTS technology would be vulnerable to hacks because the industry has knowledge of the devices used and the data transfer methodology. A collaborative effort is required between the supplier and the OEM to ensure that security is implemented in the telematics units to avoid compromise.
A second weak link is the Vehicle Communication Interface (VCI), or the hardware that is physically connected to the vehicles’ 16-pin data link connector (DLC) for diagnostics. The possibility of infected code being loaded into the VCI and then being transferred to the vehicle network(s) requires a more sophisticated level of software security than is currently being implemented.
Since VCIs are physically connected to hundreds, perhaps thousands of vehicles in its life cycle, the potential to infect a large population of vehicles is very real. Most of the OEMs utilize third party suppliers for both VCI hardware and firmware, and more structured IT guidelines should be implemented to reduce the risk of VCI infection.
A very slight deviation from the VCI threat is that of unsecured Wi-Fi shop networks, which can and would be an easy access point into the VCI itself. Most VCIs connect to the shop via a PC/laptop, which would be connected to the network of the shop to access the Internet. Inadequate network/Wi-Fi security opens up an easy attack surface and should be managed with security as number one requirement.
The Connected Vehicle model being introduced by major technology companies is more than just an individual vehicle sharing data up to a central server. To accomplish the ultimate goal of interconnected vehicles, they all must share data (by design), and consequently are susceptible to network virus infiltration if you have a vehicle that has an infection.
Unlike most other technology sectors, the automotive platform is utilized for 15+ years before it is life-cycled out of active usage. Compare this with a cell phone or PC/laptop that normally only gets used for 3-4 years before traded up to newer hardware. Legacy systems are inherently insecure, because they were designed before security was a significant design concern. The open-ended question becomes, “How are these legacy systems supported or upgraded?”
How do we be vigilant and disciplined in our activities? A few areas to be cognizant of were suggested as a first line of defense.
Control what media is inserted in any computer in the shop and/or vehicle. Examples include, but are not limited to: CD/DVDs, USB sticks, cell phones, etc.).
Discourage/prohibit users from sharing log-in credentials, especially with persons of unknown background.
Avoid borrowing/lending tools that could transport malicious code (scan tool, laptop, VCI, etc.).
Avoid counterfeit software and hardware.
Keep a segregated Diagnostic network, separate from the shop financials, customer records and critical business data.
View your systems from the perspective of not only how you could be hacked, but also what your organization would do if it were.
[Thank you to Bob Augustine and Bob Chabot for their contribution of this session summary for publication by NASTF.]
Send comments and questions on this topic to firstname.lastname@example.org.